Links for 2015-08-28

  • toxy

    toxy is a fully programmatic and hackable HTTP proxy to simulate server failure scenarios and unexpected network conditions. It was mainly designed for fuzzing/evil testing purposes, when toxy becomes particularly useful to cover fault tolerance and resiliency capabilities of a system, especially in service-oriented architectures, where toxy may act as intermediate proxy among services. toxy allows you to plug in poisons, optionally filtered by rules, which essentially can intercept and alter the HTTP flow as you need, performing multiple evil actions in the middle of that process, such as limiting the bandwidth, delaying TCP packets, injecting network jitter latency or replying with a custom error or status code.

    (tags: toxy proxies proxy http mitm node.js soa network failures latency slowdown jitter bandwidth tcp)

  • Drone Oversight Is Coming to Construction Sites

    Grim Meathook Future

    (tags: grim-meathook-future drones work panopticon future sacramento building-sites)

  • grsecurity

    Open source security team has had enough of embedded-systems vendors taking the piss with licensing:

    This announcement is our public statement that we’ve had enough. Companies in the embedded industry not playing by the same rules as every other company using our software violates users’ rights, misleads users and developers, and harms our ability to continue our work. Though I’ve only gone into depth in this announcement on the latest trademark violation against us, our experience with two GPL violations over the previous year have caused an incredible amount of frustration. These concerns are echoed by the complaints of many others about the treatment of the GPL by the embedded Linux industry in particular over many years. With that in mind, today’s announcement is concerned with the future availability of our stable series of patches. We decided that it is unfair to our sponsors that the above mentioned unlawful players can get away with their activity. Therefore, two weeks from now, we will cease the public dissemination of the stable series and will make it available to sponsors only. The test series, unfit in our view for production use, will however continue to be available to the public to avoid impact to the Gentoo Hardened and Arch Linux communities. If this does not resolve the issue, despite strong indications that it will have a large impact, we may need to resort to a policy similar to Red Hat’s, described here or eventually stop the stable series entirely as it will be an unsustainable development model.

    (tags: culture gpl linux opensource security grsecurity via:nelson gentoo arch-linux gnu)

  • London Calling: Two-Factor Authentication Phishing From Iran

    some rather rudimentary anti-2FA attempts, presumably from Iranian security services

    (tags: authentication phishing security iran activism 2fa mfa)

  • Vegemite May Power The Electronics Of The Future

    Professor Marc in het Panhuis at the ARC Centre of Excellence for Electromaterials Science figured out that you can 3D print the paste and use it to carry current, effectively creating Vegemite bio-wires. What does this mean? Soon you can run electricity through your food. “The iconic Australian Vegemite is ideal for 3D printing edible electronics,” said the professor. “It contains water so it’s not a solid and can easily be extruded using a 3D printer. Also, it’s salty, so it conducts electricity.”
    I’m sure the same applies for Marmite…

    (tags: vegemite marmite 3d-printing electronics bread food silly)

  • Community – Recent Attack on McGargles

    bizarre conspiracy theory going around about McGargles microbrewery being owned by Molson in an “astroturf craft beer” operation — they apparently were set up by a bunch of ex-Molson employees. Their beer is getting stickered in off-licenses. Mental!

    (tags: beer craft-beer ireland mcgargles conspiracy-theories bizarre beoir)

This entry was posted in Uncategorized. Bookmark the permalink. Both comments and trackbacks are currently closed.

One Comment

  1. Nix
    Posted September 1, 2015 at 18:18 | Permalink

    Note: one reason why WindRiver may well not be cooperating with grsecurity is that the people behind grsecurity are very nearly impossible to work with. None of grsecurity’s stuff has been upstreamed because on attempting to interact with them the kernel team discovered that any critique at all, anything other than immediate incorporation of 100% of their proposed changes without discussion (regardless of performance hit or maintenance burden, which is significant in some cases) gets them accused of being liars conspiring with black hats to ruin the security of Linux for their own personal gain: everyone else who disagrees with them in any particular gets lumped into this category too, and if you dare change anything of theirs and incorporate it anyway they throw truly epic screaming fits complete with baseless threats of lawsuits, the whole shebang.

    Oddly working with people like this is not worth the bother. (Many these people won’t even give their names — rendering their work impossible to incorporate into the kernel at a stroke, which is of course taken as more sign of a dark conspiracy against the true forces of grsecurity light, rather than, say, bleeding obvious due diligence — but are happy to accuse others of bad faith if they refuse to divulge every detail of their personal lives on demand.)

    As for conspiring with black hats — the people behind grsecurity have in the past (on more than one occasion) found previously unknown security holes, written exploits for them, and then published, not the exploit, not a description of the hole or a fix for it, but a hash of the exploit, purely for the sake of claiming credit when someone else later finds the hole and fixes it. So it is clear that to them childish spite and claiming credit is more important than, say, actual security.

    Wind River’s sin? They use grsecurity in full compliance with the GPL while incorporating other changes into their kernel too, and don’t pay the grsecurity team for it — the horror! This is, of course, not in any sense a GPL violation, and is more or less to be expected — but to the grsecurity folks it constitutes contamination of their precious bodily fluids and is intolerable. I’d call it free advertising for grsecurity, but apparently being given free advertising is unacceptable unless you also get paid money, and having actual users is quite beyond the pale.

    I am frankly astonished that Wind River considered that grsecurity was worth using at all, given these downsides. It was a foregone conclusion that the overgrown toddlers behind the project would sooner or later throw their toys out of the pram.